CVE-2022-1416

CVE-2022-1416

Name

CVE-2022-1416

Description

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.com/gitlab-org/gitlab/-/issues/342988
MISC	https://hackerone.com/reports/1362405
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1416.json

Type

URI

MISC

https://gitlab.com/gitlab-org/gitlab/-/issues/342988

MISC

https://hackerone.com/reports/1362405

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1416.json

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gitlab:gitlab:14.10.0::::enterprise:::`	gitlab	== None	== 14.10.0
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 14.9.0	< 14.9.4
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 1.0.2	< 14.8.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gitlab:gitlab:14.10.0:*:*:*:enterprise:*:*:*

gitlab

== None

== 14.10.0

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 14.9.0

< 14.9.4

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 1.0.2

< 14.8.6

References

Match rules

Vulnerable and fixed packages